Cyber Insurance – What is it and What it Costs

A Cyber Insurance policy is your contingency plan and financial protection against cyber-crime, data breaches, and the peripheral damage that can often come with those things – like legal costs, GDPR violations, and PR disasters.

In the event of a cyber-attack or breach, it’s often the aftereffects that are more damaging than the attack itself. Repair costs, set-up costs, loss of revenue, and more are the problems that cause the most trouble. And though Cyber Insurance is quite new to the market, it’s gaining a lot of momentum globally, because cyber-crime simply can’t be ignored.

Millions of cyber-attacks happen every year. And even if your company has the latest security software, firewalls, and data management systems in place, cyber-crime evolves just as fast as technology does, so it’s not always possible to keep up. And some Small-to-Medium Enterprises (SMEs) simply can’t afford to.

That’s where Cyber Insurance can save your business – in some cases, even from certain doom. You may be surprised to learn that, according to a recent article by the Info Security group, cyber-crime is said to cost the global economy $2.9 million every minute!

Know your cover

Generally, you don’t buy a pair of trousers without trying them on. Knowing what you’re buying and how it fits you is just as important with Cyber Insurance. No two businesses are identical, and the types of liability coverage that different businesses need vary just as much.

Essentially, there are two types or categories of cover: first-party and third-party liability.

Once you understand the difference between the two, the division makes a lot of sense. First-party coverage is a direct cover against the event. So, it includes loss of income or cover for money lost, damage to property, and loss of important data.

First-party cover can also be employed in the event of ransomware attacks (in which criminals hold your information for ransom until they are paid), communication blockages, and even post-attack investigations.

Third-party cover normally kicks in after first-party issues are resolved, but it’s no less important in many cases. Say your client’s proprietary or personal information is stolen: that leaves your company open to legal action and data code violations. Legal costs can be exorbitant, and it’s always important to consider that you may not be able to afford to cover them.

And then, there’s communication and public relations. If your client’s data is stolen, you may need to do some damage control and reputation management through a PR or marketing agency – or even yourself. These costs can also add up. Third-party Cyber Insurance covers that.

You may also need to staff up – at least temporarily – to do damage control within the business as a result of a cyber-attack. And think about the consequences if malware your company downloaded infects a client, partner, or supplier’s network. Your company could be liable for any damage caused.

Not all businesses need third-party coverage. But it is advisable for companies that are largely technology-based to consider it.

So, how much do you need to spend?

In a blog post wrote “Cyber Insurance costs vary, depending on what your scope of coverage includes and on what size your company is. The type of business you run is also a concern, and there’s no “one size fits all” package. The important thing to do is to weigh up the cost of your insurance package against the potential costs of a data breach, cyber fraud, or GDPR violation fine.”

You’re likely to see quite a few online offers for “comprehensive” cover for £10 or less. And these may be legitimate, but at that price, there will be notable exclusions from your cover. You’ll probably have to pay more than that to get the cover you need.

If you’re looking for a ballpark figure, an SME with around £500 000 turnover will get average cyber cover starting at around £200 per year. When you pay that kind of amount, consider that it should cover your company against:

  • Data breach measures – If your company’s or clients’ sensitive information is compromised, your policy will cover you for undertaking investigative measures, client and regulatory communication, and customer support.
  • Damage control – If your business is hacked, you’ll need to cover repair costs and re-establish control over your systems. Most policies will cover this. 
  • Cyber liability covers – If sensitive data that doesn’t belong to your company is compromised, you are at risk of legal action and GDPR violation fines. Cyber insurance can help you cover legal costs and fines (within reason).
  • Loss of income – Any attack can cause business interruption, loss of sales, loss of customers, or temporary closure. Cyber Insurance should cover your company against these contingencies.
  • Ransom – If your data is being held hostage and you have to pay a ransom, Cyber Insurance can cover the costs.
  • Public relations – A breach can seriously tarnish any organization’s image and require public relations and communication measures to regain damaged trust. This can also be included on the cover.

Finding a Cyber Insurance policy that’s the right fit and the right price requires a thorough aggregation of all the facts. That needn’t involve hours of research, though. You can find all the information you need to make a learned comparison on this site. Having a professional Cyber-Security Risk Assessment conducted is always advisable. This will help you narrow down your potential first or third-party liability so you can decide on the right cover.

What’s happening in the world?

According to the Cyber Security Source, the average cost of cyber insurance increased by around five percent in 2019, compared to the previous year. This can probably be attributed to the ever-increasing number of cyber-attacks that are occurring worldwide, meaning demand is increasing and insurers are having to expand their service offerings. cites that in spite of the increased risks, in April 2019 still only 11 percent of businesses in the UK had Cyber Insurance. Globally, the Cyber Insurance business is growing. The market’s current value is an estimated £3,7 billion and it’s not showing any sign of slowing down, with high-profile attacks like the British Airways data breach and the Adobe attack making headlines.

The GDPR and NIS Directive both require that companies have cybersecurity and information protection measures in place, and can fine your company up to four percent of your annual turnover for a violation. Did you know that Cyber Insurance policies can include cover for paying these fines?

What you should look out for

Cheaper premiums often mean you’ll get what you pay for. And just as there are opportunists online, there are opportunists who will try to cash in on consumer needs and interests.

Every policy you pay for will include a finite number of contingencies that the policy will cover you for. This is where an enquiring mind is very important. If you speak to a consultant, don’t be afraid to ask questions about what your monthly premium includes.

You’re better off getting cover from an established and reputable service provider, even if they don’t offer the cheapest premium possible because, first of all, you can rest assured that they aren’t a “fly-by-night” operation that will make off with your premium and, second of all, the company will have the relevant experience you’ll need to rely on in the event of a claim.

You should also look out for any excesses you may have to pay. Some insurance policies do have excesses attached to them and this isn’t necessarily a bad thing. But it’s important to know what the excess applies to and under what circumstances it applies.

Attacks in the cyber world have a real effect on business

The real cost to consider is not your premium but the price you could pay if you don’t have Cyber Insurance. In the UK, SMEs are the worst affected, partly because they make up the vast majority of businesses and partly because they can be softer targets for cyber-criminals.

More than half of all UK SMEs have experienced a cyber-attack of varying scope at one time or another. As legitimate businesses become more connected every day, so do cyber attackers. In 2018, almost five million cyber-crimes took place in England and Wales. Two-thirds of those attacks involved cyber-fraud.

In January this year, the BBC reported that victims of cyber-crime in the UK lose over £190,000 per day to cyber-crime. That is the actual cost that should be top-of-mind.

Keep yourself informed

The cost of a cyber-attack is a very real consideration in this day and age. Perhaps it’s time to consider protecting your company and yourself against the risks.

Now that you’ve armed yourself with some information, you can compare actual costs from some of the most reputable Cyber Insurance providers in the UK. Our site provides a completely objective comparison platform for people in the UK who are trying to find the right cover for their companies or for themselves.

Keep visiting this site for more informative content to keep you in the know.

Posted by Dragan Sutevski

Dragan Sutevski is a founder and CEO of Sutevski Consulting, creating business excellence through innovative thinking.